Embodiments of the invention relate to secure permission-based directory traversal, in particular to secure Portable Operating System Interface (POSIX®) directory traversal for opening and accessing files by inode number.
POSIX® is a group of standards specified by the Institute of Electrical and Electronics Engineers (IEEE) Computer Society for maintaining compatibility between operating systems. POSIX® defines the application programming interface (API), and command line shells and utility interfaces, for software compatibility with variants of UNIX® and other operating systems. Information for a POSIX® file is stored in a structure referred to as an inode. Each file has its own inode, which has a mode that includes the file permissions and the file type or a directory indication. The permissions are represented as “r” (read permission), “w” (write permission) and “x” (execute permission for executable files) for the user, the group and other. The user, group and other each have three bits. When traversing a directory, the file system checks the permissions for directory and file access at each directory traversal and for each file. In order to avoid the permission checking of each directory and each file, some systems provide blanket permissions. With a blanket permission, several users or a group of users gain permission to open and access any file by its inode number. Therefore, the file system either provides permission checking at each level of a directory traversal for each file, or blanket access permission.
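The per-level check described above, sketched in user space as an added example that is not part of the original document: every directory on the path must grant search ("x") to the caller before the file's own bits are consulted, so a world-readable file inside a private directory is still denied. The function names and the sample tree are assumptions made for illustration; superuser override, supplementary groups and ACLs are not modelled.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Select the user, group or other triplet for (uid, gid) and test `want`
 * (4 = r, 2 = w, 1 = x). Illustrative model only, not a kernel check. */
int mode_allows(const struct stat *st, uid_t uid, gid_t gid, unsigned want)
{
    unsigned bits = st->st_mode & 7;                           /* other */
    if (uid == st->st_uid)      bits = (st->st_mode >> 6) & 7; /* user  */
    else if (gid == st->st_gid) bits = (st->st_mode >> 3) & 7; /* group */
    return (bits & want) == want;
}

/* Per-level check: each directory in `path` needs x (search), then the final
 * object needs `want`. Returns 1 = allowed, 0 = denied, -1 = error. */
int traverse_allows(const char *path, uid_t uid, gid_t gid, unsigned want)
{
    char prefix[PATH_MAX];
    struct stat st;
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof prefix) return -1;
    for (size_t i = 0; i < len; i++) {
        if (path[i] != '/' || (i > 0 && path[i - 1] == '/')) continue;
        size_t n = i ? i : 1;                 /* i == 0 is the root "/" */
        memcpy(prefix, path, n);
        prefix[n] = '\0';
        if (stat(prefix, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
        if (!mode_allows(&st, uid, gid, 1)) return 0; /* denied at this level */
    }
    return stat(path, &st) == 0 ? mode_allows(&st, uid, gid, want) : -1;
}

/* Constructed sample tree: <root>/private (0700) holding report.txt (0644). */
int make_demo_tree(char *root_tmpl, char *dir, char *file, size_t n)
{
    if (!mkdtemp(root_tmpl)) return -1;
    snprintf(dir, n, "%s/private", root_tmpl);
    snprintf(file, n, "%s/report.txt", dir);
    if (mkdir(dir, 0700) != 0) return -1;
    int fd = open(file, O_CREAT | O_WRONLY, 0644);
    if (fd < 0 || close(fd) != 0) return -1;
    return (chmod(root_tmpl, 0755) | chmod(dir, 0700) | chmod(file, 0644)) ? -1 : 0;
}
```

The functions only read metadata with `stat`, so the outcome for any uid and gid can be evaluated without switching credentials.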